
CentOS通过yum升级Openssh8.x

制作 RPM 包

安装相关依赖

# yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel unzip -y

创建所需目录

# mkdir -p /root/rpmbuild/{SOURCES,SPECS}
# cd /root/rpmbuild/SOURCES

下载源码包


下载地址(第一个地址为明文 HTTP;源码包下载后应先用官方发布的签名文件或校验值核对完整性,再进行构建):

​​http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/​​

​​https://src.fedoraproject.org/repo/pkgs/openssh/​​


# wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.4p1.tar.gz
# wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz

# tar -xvzf openssh-8.4p1.tar.gz
# tar -xvzf x11-ssh-askpass-1.2.4.1.tar.gz

修改配置文件

# cp openssh-8.4p1/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/
# cd /root/rpmbuild/SPECS/

# sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" openssh.spec
# sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" openssh.spec

构建

# rpmbuild -ba openssh.spec

构建成功结果如下:
Wrote: /root/rpmbuild/SRPMS/openssh-8.4p1-1.el7.src.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-8.4p1-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-clients-8.4p1-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-server-8.4p1-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-askpass-8.4p1-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-askpass-gnome-8.4p1-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-debuginfo-8.4p1-1.el7.x86_64.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.pshj6r
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd openssh-8.4p1
+ rm -rf /root/rpmbuild/BUILDROOT/openssh-8.4p1-1.el7.x86_64
+ exit 0

验证软件包

# ls /root/rpmbuild/RPMS/x86_64/
openssh-8.4p1-1.el7.x86_64.rpm openssh-clients-8.4p1-1.el7.x86_64.rpm
openssh-askpass-8.4p1-1.el7.x86_64.rpm openssh-debuginfo-8.4p1-1.el7.x86_64.rpm
openssh-askpass-gnome-8.4p1-1.el7.x86_64.rpm openssh-server-8.4p1-1.el7.x86_64.rpm

构建过程报错解决


错误1:

​error: Failed build dependencies: openssl-devel < 1.1 is needed by openssh-8.4p1-1.el7.x86_64​

解决办法:

注释​​BuildRequires: openssl-devel < 1.1​​这一行


# sed -i 's/BuildRequires: openssl-devel < 1.1/#&/' openssh.spec


错误2:

​error: Failed build dependencies: /usr/include/X11/Xlib.h is needed by openssh-8.4p1-1.el7.x86_64​

解决办法:

安装​​libXt-devel imake gtk2-devel openssl-libs​


# yum install libXt-devel imake gtk2-devel openssl-libs -y

开始升级

备份配置文件

# cp /etc/pam.d/{sshd,sshd.bck}
# cp /etc/ssh/{sshd_config,sshd_config.bck}

安装telnet


为避免 openssh 升级失败后无法登陆,先安装 telnet 作为备用登录通道(同时开启两个窗口)


# yum install telnet-server xinetd -y
# systemctl enable --now xinetd.service
# systemctl enable --now telnet.socket


配置 ​​telnet​​ 登陆


//注释auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so这一行

# sed -i 's/^auth \[user_unknown=/#&/' /etc/pam.d/login

# cat >> /etc/securetty <<EOF
pts/1
pts/2
EOF

//测试登陆
[C:\~]$ telnet 192.168.3.179
Trying 192.168.3.179...
Connected to 192.168.3.179.
Escape character is '^]'.

Kernel 3.10.0-957.27.2.el7.x86_64 on an x86_64
localhost0 login: root
Password:
Last login: Thu Dec 31 15:28:23 from 192.168.3.144
[root@localhost0 ~]#

安装新版本


更新​​openssh​​版本


# yum update ./openssh* -y

启动ssh服务


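恢复备份的配置文件,并重启sshd。注意:下面的命令会把 PermitRootLogin 和 PasswordAuthentication 都显式设为 yes,即允许 root 使用密码远程登录;如果原配置已禁用 root 登录或密码登录,应保留原值,而不是照搬这两项。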


# \mv /etc/ssh/sshd_config.bck /etc/ssh/sshd_config
# \mv /etc/pam.d/sshd.bck /etc/pam.d/sshd

# sed -i '/.*PermitRootLogin.*/d' /etc/ssh/sshd_config
# echo -e '\nPermitRootLogin yes' >> /etc/ssh/sshd_config
# sed -i '/.*PasswordAuthentication.*/d' /etc/ssh/sshd_config
# echo -e '\nPasswordAuthentication yes' >> /etc/ssh/sshd_config

# chmod 600 /etc/ssh/*
# systemctl restart sshd

验证登陆


新开窗口连接登陆测试,没有问题后再进行下面的关闭​​telnet​​步骤。

注意:请勿关闭当前窗口,另外新开窗口连接没问题,再关闭。


关闭 telnet


注意:开启telnet的root远程登录极度不安全,账号密码都是明文传输,尤其在公网,所以一般只限于在某些情况下内网中ssh无法使用时,临时调测,使用完后,将相关配置复原(包括取消 /etc/pam.d/login 中 pam_securetty.so 一行的注释,并删除追加到 /etc/securetty 的 pts/1、pts/2),彻底关闭telnet服务!


# systemctl stop telnet.socket && systemctl disable telnet.socket
# systemctl stop xinetd.service && systemctl disable xinetd.service

验证当前版本

# ssh -V
OpenSSH_8.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017

build脚本


该脚本用于制作​​openssh rpm​​包

使用方法:​​rpmbuild_openssh.sh 8.4​


#!/usr/bin/env bash
# @Date :2021/1/1 15:13
# @Author :ives
# @Email :381347268@qq.com
# @File :rpmbuild_openssh.sh
# @Desc :制作openssh rpm软件包,通过tar包build

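# Version to build, taken from the first positional argument (e.g. "8.4").
openssh_version=${1:-}
# The value is interpolated into a download URL and into file names further
# down, so accept only a plain MAJOR.MINOR number. Anything else (empty, path
# components, shell metacharacters) falls through to the usage text.
if [[ "${openssh_version}" =~ ^[0-9]+\.[0-9]+$ ]]; then
  echo -e "\033[41;37m当前build的openssh版本为: ${openssh_version}\033[0m"
else
  echo "常用版本有:8.0, 8.1, 8.2, 8.3, 8.4"
  echo
  echo -e " 请输入需要build的openssh版本号 示例: \033[36;1m$0 8.4\033[0m"
  exit 1
fi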

# Install the packages needed to download and build the OpenSSH RPMs.
# Outputs: yum's stdout is discarded.
# Returns: yum's exit status when it fails; otherwise the status of the
#          3-second pause that follows a successful install.
function install_dependency() {
  local -a build_deps=(
    wget rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel unzip
    libXt-devel imake gtk2-devel openssl-libs
  )

  # A bare `return` hands yum's own status back to the caller.
  yum install -y "${build_deps[@]}" >> /dev/null || return
  sleep 3
}

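# Download and unpack the OpenSSH and x11-ssh-askpass source tarballs.
# Globals:
#   openssh_version (read)           - MAJOR.MINOR release to fetch, e.g. "8.4"
#   OPENSSH_SHA256  (read, optional) - expected hex SHA-256 of the OpenSSH
#                                      tarball; checked only when set
# Outputs: progress messages on stdout.
# Returns: status of the tar extraction. Exits 2 when the working directory
#          is unavailable, a download fails, or the checksum does not match.
function download_package() {
  local openssh_tarball="openssh-${openssh_version}p1.tar.gz"
  local askpass_tarball="x11-ssh-askpass-1.2.4.1.tar.gz"
  local actual_sha256=""

  mkdir -p /root/rpmbuild/{SOURCES,SPECS}
  # Stop rather than download and unpack into whatever directory the script
  # happened to be started from.
  cd /root/rpmbuild/SOURCES || exit 2

  echo -e "\033[34;1m开始下载软件包:${openssh_tarball} \033[0m"
  # NOTE(review): this is a plain-HTTP fetch of source code that is then built
  # and installed as root, so nothing authenticates the tarball in transit.
  # Set OPENSSH_SHA256 to a digest obtained from a trusted channel to have it
  # checked below, or verify the release signature before building.
  # -O keeps the file name fixed on re-runs; without it wget saves a second
  # copy under a ".1" suffix and the stale tarball would be the one unpacked.
  if ! wget -O "${openssh_tarball}" \
    "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${openssh_tarball}" >> /dev/null; then
    echo "${openssh_tarball}下载失败...请检查网络环境或版本是否存在"
    exit 2
  fi
  echo "${openssh_tarball}下载成功..."

  # Optional integrity check; a failing or missing sha256sum leaves the
  # computed digest empty, which is treated as a mismatch.
  if [[ -n "${OPENSSH_SHA256:-}" ]]; then
    read -r actual_sha256 _ < <(sha256sum -- "${openssh_tarball}")
    if [[ "${actual_sha256}" != "${OPENSSH_SHA256,,}" ]]; then
      echo "${openssh_tarball}校验失败...SHA-256与OPENSSH_SHA256不一致"
      exit 2
    fi
  fi

  echo -e "\033[34;1m开始下载软件包:${askpass_tarball} \033[0m"
  if ! wget -O "${askpass_tarball}" \
    "https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz" >> /dev/null; then
    echo "x11-ssh-askpass-1.2.4.1.tar.gz下载失败...请检查网络环境是否正常"
    exit 2
  fi
  echo "x11-ssh-askpass-1.2.4.1.tar.gz下载成功..."
  sleep 3

  # Unpack the tarball that was actually requested, not a fixed 8.4 release.
  tar -xf "${openssh_tarball}" && tar -xf "${askpass_tarball}"
}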

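# Stage the Red Hat spec file shipped in the source tree, patch it, and build
# the RPMs.
# Globals: openssh_version (read) - MAJOR.MINOR release being built
# Outputs: progress messages and, on success, a listing of the built packages.
# Returns: 0 when rpmbuild succeeds (then the status of the final listing);
#          1 when the spec cannot be staged or the build fails.
function config_and_build() {
  local spec=/root/rpmbuild/SPECS/openssh.spec

  # Relative path: relies on the working directory being the one the tarball
  # was unpacked in. Bail out if the copy fails, otherwise a spec left over
  # from an earlier run of another version would be patched and built.
  cp "openssh-${openssh_version}p1/contrib/redhat/openssh.spec" /root/rpmbuild/SPECS/ || return 1

  # Switch both askpass sub-package toggles in the spec from 0 to 1.
  sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" "${spec}"
  sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" "${spec}"
  # Comment out the openssl-devel upper bound that otherwise stops the build
  # with "Failed build dependencies: openssl-devel < 1.1".
  sed -i 's/BuildRequires: openssl-devel < 1.1/#&/' "${spec}"

  cd /root/rpmbuild/SPECS || return 1
  echo -e "\033[34;1m开始制作 openssh${openssh_version} 相关rpm软件包 \033[0m"
  if rpmbuild -ba openssh.spec; then
    echo -e "\033[34;1mopenssh${openssh_version} 相关rpm软件包制作成功,生成的软件包信息如下: \033[0m"
    echo
    echo -e "\033[33;1m软件包存放路径:/root/rpmbuild/RPMS/x86_64/ \033[0m" && ls /root/rpmbuild/RPMS/x86_64/
  else
    echo -e "\033[33;1mopenssh${openssh_version} 相关rpm软件包制作失败,请根据报错信息进行解决,再重新进行编译 \033[0m"
    # Report the failure to the caller so the script's exit status shows it.
    return 1
  fi
}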

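# Entry point: install build dependencies, fetch the sources, then build.
# Returns: the status of config_and_build, which becomes the script's exit
#          status because main is the last command run.
function main() {
  # The result is deliberately not checked, as in the original flow; a
  # missing tool shows up as a failure in the download or build step.
  install_dependency
  # download_package exits by itself when a download fails; a non-zero return
  # here means the tar extraction failed, so do not build from a partial or
  # stale source tree.
  download_package || exit 2
  config_and_build
}
main "$@"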

人生是条无名的河,是浅是深都要过; 人生是杯无色的茶,是苦是甜都要喝; 人生是首无畏的歌,是高是低都要唱。

